I've worked in the networking field since 1989 and am never surprised at how many times basic protocol knowledge and analysis skills come into play. Basic knowledge of protocols is becoming essential regardless of whether you are in the security, server, desktop or networking fields.
My clients tell me there is no shortage of information on protocols, but they find it difficult to get practical guidance. So I thought this would be the perfect opportunity to share some knowledge on some of the TCP analysis options, starting with the SYN (synchronization) protocol. TCP SYN packet analysis can help you with network troubleshooting by providing accurate response times. You can also use the SYN packet for baselining network performance, which can help you when there are performance issues.
In the video below, I use a trace file to demonstrate TCP SYN analysis.
You may recognize TCP SYN as part of the three-way handshake that's used to open or start a TCP connection. The SYN itself is very useful in calculating TCP round-trip time, which is far more accurate than any ping.
Remember that ping uses the Internet Control Message Protocol (ICMP), which is prone to many possible issues. For example, ICMP may be blocked, spoofed, rerouted or treated as a low-priority protocol. Any of these scenarios would result in skewed response times.
Some application performance monitoring (APM) tools measure and track the delta time between the TCP SYN and its corresponding ACK (acknowledged) packet. A common term for this measurement is “TCP connect” time, which is used to create a baseline for performance metrics.
The manual method of performing the same measurement is to use a TCP conversation filter -- same IP addresses and TCP port numbers -- in combination with the TCP SYN FLAG.
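The same manual measurement, scripted as an added example (not code from the article or from any APM tool): it groups SYN-flagged packets by conversation and reports the delta between the client's SYN and the server's reply with SYN and ACK set, which is assumed here to be the "corresponding ACK". The `Pkt` record, the `tcp_connect_times` function and the sample packets are constructed for illustration and stand in for fields exported from a trace file.

```python
from collections import namedtuple

SYN, ACK = 0x02, 0x10  # TCP flag bits
# Hypothetical record: capture timestamp in seconds, addresses, ports, flags.
Pkt = namedtuple("Pkt", "ts src sport dst dport flags")

# Constructed sample packets, not taken from the article's trace file.
PACKETS = [
    Pkt(0.000000, "10.0.0.5", 50100, "192.0.2.10", 443, SYN),
    Pkt(0.042100, "192.0.2.10", 443, "10.0.0.5", 50100, SYN | ACK),
    Pkt(0.042300, "10.0.0.5", 50100, "192.0.2.10", 443, ACK),
    Pkt(1.000000, "10.0.0.5", 50101, "192.0.2.20", 80, SYN),
    Pkt(2.000000, "10.0.0.5", 50101, "192.0.2.20", 80, SYN),  # retransmitted SYN
    Pkt(2.118000, "192.0.2.20", 80, "10.0.0.5", 50101, SYN | ACK),
    Pkt(3.000000, "10.0.0.5", 50102, "192.0.2.30", 22, SYN),  # never answered
]

def tcp_connect_times(packets):
    """Return (per-conversation timings, conversations with no SYN-ACK)."""
    pending, done = {}, {}
    for p in sorted(packets, key=lambda p: p.ts):
        if not p.flags & SYN:
            continue  # the SYN-flag half of the filter
        if not p.flags & ACK:
            # Client SYN: open the conversation or count a retransmission.
            key = (p.src, p.sport, p.dst, p.dport)
            first, _, count = pending.get(key, (p.ts, p.ts, 0))
            pending[key] = (first, p.ts, count + 1)
        else:
            # SYN-ACK: same conversation, addresses and ports reversed.
            key = (p.dst, p.dport, p.src, p.sport)
            if key in pending:
                first, last, count = pending.pop(key)
                done[key] = {
                    "rtt": round(p.ts - last, 6),       # from the latest SYN
                    "connect": round(p.ts - first, 6),  # from the first SYN
                    "syn_retransmits": count - 1,
                }
    return done, sorted(pending)

if __name__ == "__main__":
    timings, unanswered = tcp_connect_times(PACKETS)
    for conv, t in timings.items():
        print(conv, t)
    print("no SYN-ACK seen:", unanswered)
```

Reporting both values keeps a retransmitted SYN from inflating the round-trip figure while still showing the connect delay the client actually experienced.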
In my next blogs, I will cover other TCP analysis options, including WIN, MSS, SACK_PERM, and WS. In each, I will examine how the option helps with network analysis and troubleshooting.